From: eculp
To: freebsd-pf@freebsd.org
Date: Wed, 03 Dec 2008 07:19:40 -0600
Subject: Re: PF + ALTQ - Bandwidth per customer

Quoting "Ronnel P. Maglasang":

> Александр Шевченко wrote:
>> Using ipfw+dummynet you could easily limit bandwidth per ip:
>>
>> $IPFW pipe 4 config bw 50KByte/s mask dst-ip 0x000003ff
>> $IPFW pipe 7 config bw 50KByte/s mask src-ip 0x000003ff
>> $IPFW add pipe 4 ip from any to 172.16.16.0/22 via fxp0 in
>> $IPFW add pipe 7 ip from 172.16.16.0/22 to any via fxp0 out
>>
>>
>> Using pf+altq you could limit easily bandwidth for all clients:
>>
>> altq on $int_if cbq bandwidth 1000Mb queue { powernet_local, powernet_inet }
>> queue powernet_local bandwidth 95% cbq(default)
>> queue powernet_inet bandwidth 40Mb
>>
>> pass out on $int_if from to queue powernet_local
>> pass out on $int_if from ! to queue powernet_inet
>>
>> But you could not limit bandwidth per ip using PF.
>>
>>
> why not? you create pf+altq equivalent rules for ipfw+dummynet rules.
> you may look at policy based filtering if needed. you just have to play
> with "tag" and "tagged" directives.

I don't remember why but for some reason I have the idea that pf+altq
is not bidirectional. Am I mistaken?

Thanks,

ed

>
>> Ryan McBride wrote in
>> bit.listserv.openbsd-pf(http://groups.google.com/group/bit.listserv.openbsd-pf/msg/512d1eba9683cea6?hl=ru&dmode=source)
>>
>>
>>> P.S. By the way, no chance to shaping like ipfw(dummynet), by getting
>>> mask for all ip addresses? It's the last reason to stay with ipfw:
>>>
>>
>> No, there is nothing like this in PF right now. It's on my list of
>> things to look at, but that list grows faster than I can get things
>> done...
>> -----Original Message-----
>> From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On
>> Behalf Of Andrei Kolu
>> Sent: Tuesday, December 02, 2008 11:42 AM
>> To: Peter Jeremy; freebsd-pf@freebsd.org; freebsd-isp@freebsd.org
>> Subject: Re: PF + ALTQ - Bandwidth per customer
>>
>> ipfw+dummynet is really ugly traffic "shaper" (let's face it there
>> is no shaping going on), because instead of limiting bandwidth it
>> will drop packets to simulate bad connection. I hear many years
>> about "trivial" configuration per user bandwidth limit with pf+altq
>> but never saw ANY code... You can't set bandwidth limit with PF
>> like 3Mbit per 100 clients if your lan card is 100Mbit. This is
>> just lame- in reality clients never use all bandwidth and never all
>> clients are connected all the time. Even Linux ipfilter does it for
>> years with insane cryptic commandline but it just works.
>>
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
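
Added example, not part of the thread or written by any of its posters: how the `mask dst-ip 0x000003ff` in the quoted ipfw rules gives every host of 172.16.16.0/22 its own dynamic pipe, and how a mask or network that does not match makes customers share one limit. The function names, the 0xff mask and the /21 network are assumptions chosen for comparison.

```python
import ipaddress
from collections import defaultdict

# Values taken from the quoted ipfw rules.
NETWORK = "172.16.16.0/22"
MASK = 0x000003FF

def flow_id(ip, mask=MASK):
    """Masked address: dummynet creates one dynamic pipe per distinct value."""
    return int(ipaddress.ip_address(ip)) & mask

def pipe_buckets(network, mask):
    """Map each flow id to the addresses of `network` that land in it."""
    buckets = defaultdict(list)
    for addr in ipaddress.ip_network(network):
        buckets[int(addr) & mask].append(str(addr))
    return dict(buckets)

def summarize(network, mask):
    """Return (number of dynamic pipes, most addresses sharing one pipe)."""
    buckets = pipe_buckets(network, mask)
    return len(buckets), max(len(v) for v in buckets.values())

def sharing_with(ip, network, mask):
    """Other addresses in `network` that would share ip's 50KByte/s pipe."""
    peers = pipe_buckets(network, mask)[flow_id(ip, mask)]
    return [p for p in peers if p != ip]

if __name__ == "__main__":
    # Case from the thread: 10-bit mask over a /22, one pipe per address.
    print(summarize(NETWORK, MASK))
    # Constructed comparison cases (assumptions, not from the thread):
    # an 8-bit mask folds the four /24s of the /22 onto each other,
    # and a /21 is too large for a 10-bit mask.
    print(summarize(NETWORK, 0xFF))
    print(summarize("172.16.16.0/21", MASK))
    print(sharing_with("172.16.17.9", "172.16.16.0/21", MASK))
```
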